Using openssl via pipe is secure?

I use openssl on the shell for encrypting data and would like to decrypt the data later at runtime in an ObjC/C/C++ program. As I could not get it working using the openssl library I call openssl from the program "on the console" and pipe the decrypted result back into a string, using popen() etc. This works perfectly but I wonder if this approach is as secure as using it "internally".

Thanks for comments or hints, as I haven't found anything useful on the web yet...
Matthias

You're potentially exposing yourself to a couple more attack vectors; beyond that it's not that much less secure than linking against and using the OpenSSL library.

The program and its arguments you're running from popen may expose additional info through argv; if you can specify the key material directly on the command line and do so, this would be exposed through /proc/&lt;pid&gt;/cmdline (and ps/top/etc.). This is what I'd worry about the most if I were to decrypt via another process and pass it to another application through a pipe. As root they would also be able to read /proc/&lt;pid&gt;/environ if you pass key material to the application through the environment, although if they're root there's all sorts of other shenanigans they can do as well to get a hold of your stuff regardless of which method you use openssl (library/binary+pipe).

There are a few other things like replacing the openssl binary with something malicious, or injecting it earlier in PATH if you let popen/shell determine which openssl binary to use, although if they can do this chances are they also can get a hold of key material and ciphertext through easier means (or they could replace or LD_PRELOAD a malicious openssl library, which neatly would defeat dynamically linking against openssl also). The same goes for snooping on the pipe; they'd have to run as root or your user.

In short, if you can popen without exposing anything sensitive through argv it's not that much less secure than using the OpenSSL library. Yes, there's a few more ways of getting a hold of your stuff, but it'd require them to run as a user which would be able to get a hold of your stuff anyway (although it'd possibly require a bit more effort).
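One way to meet the condition in the answer above (nothing sensitive in argv or the environment, no PATH lookup), as an added example that is not code from the original post: fork/execve replaces popen(), and the passphrase reaches openssl over a pipe named by its real `-pass fd:N` option. The helper name `run_with_secret_fd`, the path `/usr/bin/openssl`, the cipher options, the file name and the passphrase are assumptions.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECRET_FD 3  /* child reads the passphrase here; assumes fds 0-2 are open */
/* Run the program at absolute `path` with `secret` readable on SECRET_FD and its
 * stdout captured in `out`. Returns bytes captured, or -1 on error/non-zero exit. */
ssize_t run_with_secret_fd(const char *path, char *const argv[],
                           const char *secret, char *out, size_t outlen)
{
    int sp[2], op[2], status;
    char *const envp[] = { NULL };      /* child inherits no PATH, LD_PRELOAD, ... */
    if (path[0] != '/' || outlen == 0) return -1;   /* never resolve via PATH */
    if (pipe(sp) != 0) return -1;
    if (pipe(op) != 0) { close(sp[0]); close(sp[1]); return -1; }
    signal(SIGPIPE, SIG_IGN);  /* process-wide: a dead child must not kill us */
    pid_t pid = fork();
    if (pid < 0) { close(sp[0]); close(sp[1]); close(op[0]); close(op[1]); return -1; }
    if (pid == 0) {                     /* child */
        dup2(op[1], STDOUT_FILENO);
        if (sp[0] != SECRET_FD) { dup2(sp[0], SECRET_FD); close(sp[0]); }
        close(sp[1]); close(op[0]); close(op[1]);
        execve(path, argv, envp);       /* no shell involved, argv passed as-is */
        _exit(127);
    }
    close(sp[0]); close(op[1]);
    /* A passphrase fits in the pipe buffer, so write-then-read cannot deadlock. */
    ssize_t w = write(sp[1], secret, strlen(secret));
    close(sp[1]);
    size_t n = 0; ssize_t r;
    while (n < outlen - 1 && (r = read(op[0], out + n, outlen - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(op[0]);
    if (waitpid(pid, &status, 0) < 0 || w < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? (ssize_t)n : -1;
}

int main(void)
{   /* Assumed: binary path, cipher options, file name; passphrase is constructed. */
    char *const av[] = { "openssl", "enc", "-d", "-aes-256-cbc", "-pbkdf2",
                         "-pass", "fd:3", "-in", "data.enc", NULL };
    char plain[4096];
    ssize_t n = run_with_secret_fd("/usr/bin/openssl", av, "constructed-pass",
                                   plain, sizeof plain);
    if (n >= 0) fwrite(plain, 1, (size_t)n, stdout);
    return n < 0;
}
```

While the child runs, `/proc/<pid>/cmdline` shows only `-pass fd:3`, and `/proc/<pid>/environ` is empty.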
